Related Articles:

In October, the U.S. House of Representatives and the U.S. Senate approved the Internet Tax Freedom Act Amendments Act of 2007 (H.R. 3678), with President Bush signing the bill into law on Oct. 31, 2007. The law extends a moratorium that bars state and local governments from taxing Internet access. That moratorium, first put into place in 1998, now extends through Nov. 1, 2014.

In addition to blocking Internet-access taxes, the moratorium also applies to multiple taxes on e-commerce. In other words, transactions taxed by one jurisdiction can’t be taxed by another. Discriminatory taxes are also forbidden. A discriminatory tax is one that applies to an Internet transaction but not to offline transactions such as catalog sales.

The newly enacted seven-year moratorium represents a compromise between government officials, who seek the ability to revisit Internet taxation, and industry groups that support a permanent ban. Industry groups plan to continue pushing for the moratorium to be made permanent.

“I don’t think anyone in the industry or anyone concerned about [the] future of the Internet could give up on the notion of a permanent tax moratorium,” said Roger Cochetti, group director of U.S. public policy at the Computing Technology Industry Association.

A spokesperson for the ITAA (Information Technology Association of America) said that the organization is pleased with the moratorium’s substantial extension, but it will continue to work for a permanent ban.

The National Association of Counties, meanwhile, praised the law’s lack of a permanent ban.

“It is flexible because we cannot predict the Internet of the future and we need the ability to review that new world at that time,” the organization noted in a statement. The National Governors Association also commended the measure.

Franck Journoud, manager of information security policy at the Business Software Alliance, said that the identity-theft bill also stands out for making it easier to prosecute individuals deploying botnets. Current federal criminal law sets a $5,000 aggregate damage threshold for prosecuting unauthorized access to computers.

Journoud said that threshold makes prosecuting bot herders a chore because the damage to individual computers is often minimal. He noted that law enforcement would have to identify numerous botnet victims — owners of zombie computers — and tally the damage done to each.

The bill, however, would eliminate that monetary threshold. Instead, the bill sets the standard as damage affecting 10 or more computers, which Journoud said will make it easier to pursue bot herders.

Another provision of the bill would permit prosecution of individuals who steal personal information from a computer located in the same state as the attacker’s computer. Today, federal courts’ jurisdiction extends only to attacks involving interstate or foreign communication.

Journoud and other industry executives said that the identity-theft bill addresses critical shortcomings in current law.

“It’s important to bear in mind that cybercriminals are very adept at exploiting every gap or loophole in criminal law,” Journoud said. “It’s important to plug every single one of those holes. This is what this bill attempts to do.”

“I think there is a recognition that there are gaps in the laws currently in place that need to be filled,” said Tim Jemal, senior vice president of government relations at the Cyber Security Industry Alliance.

The identity-theft bill is now before the House of Representatives. Jemal said prospects for passage this year are good, given the momentum from the Senate’s action in November.

Journoud said he believes the outlook is good for passage this year or early 2008.

“In our discussions with the leaders of the House Judiciary Committee, it is very clear that they want to act and want to act soon,” Journoud said.

He cited John Conyers (D-Mich.), chairman of the House Judiciary Committee, and Lamar Smith (R-Texas), the committee’s ranking member, as advocates of the bill. He also noted Adam Schiff (D-Cailf.) and Steve Chabot (R-Ohio) as committee members who back the bill.

Other Bills

The cybercrime bill, however, addresses only part of the information-security problem, Jemal said. He pointed to pending data-breach and data-security legislation that seeks to protect sensitive personal information.

Liesyl Franz, vice president for information security programs at ITAA, cited the Federal Agency Data Breach Protection Act (H.R. 2124) as an example of legislation targeting the broader problem of security. The Senate counterpart of that bill is S. 1558.

While those bills address federally maintained data, the Data Accountability and Trust Act (H.R. 958) applies to anyone who engages in interstate commerce and maintains personal information in electronic form. The bill calls for such entities to establish and deploy policies for securing personal data. On the Senate side, the Personal Data Privacy and Security Act (S. 495) is similar in scope.

None of those bills has progressed as far as the identity-theft bill. But in addressing those measures as well, “we would have a more complete picture,” Franz said.

Use of this site is governed by our Terms of Use and Privacy Policy.
Copyright 1996- Ziff Davis, LLC. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission
of Ziff Davis, LLC. is prohibited.PCMag Digital Group